Download "https://hal.inria.fr/hal /"

6 sk sk Encrypt sk (m ) = c Decrypt sk (c ) = m Encrypt sk (m ) = c Decrypt sk (c ) = m m, m c, c Encrypt Decrypt sk pk, sk Encrypt pk (m) = c Decrypt sk (c) = m pk sk k 2 k n (G, ) g G g = {g, g, g,, g n = 1} = G n

7 (Z/pZ) p (Z/pZ) p 1 n p 1 g (Z/pZ) n F q q = p d (F q ) q 1 E(F q ) (q + 1) 2 q n (G, +) G = {P, 2P, 3P,, np = O} h g h = g x x x x = log g (h) x n exp g (Z/nZ, +) (G, ) a g a a = b + kn exp g (a) = g a = g b = exp g (b) exp g (a + b) = exp g (a) exp g (b) exp g (a) = 1 n a a = 0 (G, ) (Z/nZ, +) g g g = g a a n b g = g b = g ab ab 1 mod n h = g a a h h b = 1 g ab = 1 ab 0 b 0 g, g h = g a h = g b log g (h) = a log g (h) = b. c = log g g g = g c h = g bc = g a a bc log g (g) = log g (h) log g g log g (h) log g (g) log g g g g g G = (Z/nZ, +) g gcd(g, n) = 1 1 G = {1, 2, 3,, n = 0} = {1, 2 1, 3 1, n 1 = 0} a 1 a n (Z/nZ, +) = G = g, 2g, 3g, ng = 0 h Z/nZ h xg x hg G n ρ n p p p n G O ( n) G h = g x x g, g, g, O (n) G (g i, i) g i G O (n) G O (n) G O (n log(n)) x h = g x h O (log(n))

8 h = g x x m = n x = i + mj 0 i, j < m h = g x = (g m ) j g i h(g ) i = (g m ) j ((g m ) j, j) j < m O ( n) O ( n log(n)) h, hg, h(g ),... O ( n) O ( n log(n)) ρ n g i h j = g i h j g i i = h j j i i x(j j) (j j) n x (g i h j, i, j) i j G n k n p(k) 1 p(k) = 1 1 n 1 2 n 1 k 1 k n = 1 i n 1 x e x x R 1 p(k) k i= e i/n = e k(k )/ n e (k ) / n f(k) = 1 e (k ) / n k = 1 + 2n log(1 A) A = f(k ) k k p(k) f(k) f(k ) = A 1/ n log n n n = 365 1/ log πn/ n f G G X G i, j X = g i h j f(x) i, j f(x) = g i h j G S,, S n f S k g h G S, S, S f(x) = X X S f(x) = hx X S f(x) = gx X S S X = g i h j f(x) = X = g i h j i=

9 X G X m = f(x m ) m > 0 ρ (X m, X m ) = (f(x m ), f f(x (m ) )) l c X,, X l, X l,, X l+c X m+c = X m m l u X u = X u u l 2u u = u u c u c l l = qc + r l c r = 0 u = qc = l r > 0 u = (q + 1)c u = (q + 1)c (q + 1)c + r = qc + r + c = l + c u c + l c + l O ( n) f O ( n) λ (X, i, j) X = g i h j F(X), i, j F(X) = g i h j n g h x h = g x i x, j x Z/nZ X = g i xh j x (X, i x, j x ) = (X, i x, j x ) (Y, i y, j y ) = (X, i x, j x ) X Y (X, i x, j x ) = (X, i x, j x ) (Y, i y, j y ) = (Y, i y, j y ) (Y, i y, j y ) = (Y, i y, j y ) j y j x n (i x i y )(j y j x ) (mod n) n p p p n n = p e p e r r h = g x p e i i n x p e x mod p e = a +a p+ +a e p e 0 a i p 1 h = g x h n/p = (g n/p ) a g n/p p g a mod p = a p h n/p = (g n/p ) a +a p (h/g a ) n/p = (g n/p ) a +a p a = (g n/p ) a p = (g n/p ) a a p x mod p e e mod p n (p,, p r ) (e,, e r ) g h

10 x h = g x i = 1 r g = g n/p i h = h n/p i a = log g ( h) f = 1 x i = a j = 1 e 1 f = fg a j p j i h = (hf ) n/pj+ i a j = log g ( h) x i = x i + a j p j i x (mod n) x x i (mod p e i i ) i = 1,, r n p n n S = {p, p,, p t } G G p i log g (p i ) k Z/nZ g k = p e i i k = e i log g (p i ) t log g (p i ) h = g x hg k k S x + k = e i log g (p i ) t t S L n (α, c) = O (exp(c(log n) α (log log n) α )) L(0, c) = (log n) c n L(1, c) = n c Z/pZ S = {primes < B} L p (1/2, 2) F q L q (1/3, c) c > 0 F p n p n n = 1 Z/pZ 768 p L q (1/4, c) c > 0 p n F n F n F L q (1/3, c) c p q = p n n F n p n = 6 n = 12

11 (Z/pZ) p 3072 q p 1 q 256 p Z/pZ E(Z/pZ) p p 2k k 256 p 128 F p ρ 3

12

13 (G, x) G = g n a Z/nZ X = g a X b Z/nZ Y = g b Y Z = g ab = Y a = X b X Y Z = g ab X = g a Y = g b (X = g a, Y = g b, Z = g ab ) Z G X Y a X Z = Y a G m G mz z Y pk = Y = g b m G X = g a my a = mz b b X Z m pk = h = g x x Z/nZ sk = x m G h = pk r Z/nZ c = (c, c ) = (g r, mh r ) c = (c, c ) x = sk c (c x ) (c, c ) = (g r, mh r ) c (c x ) = mh r (g rx ) = mg rx (g rx ) = m G m c pk

14 CDH m c pk DDH pk sk m sk σ m σ m pk H H {0, 1} A A A = {0, 1} n H G (Z/pZ) m M = H(m) Z/nZ H H {0, 1} Z/nZ h = g x x Z/nZ m M g (g r, h r g ) = (g r, g xr+ ) r Z/nZ s = xr + M Z/nZ f = g r (g r, g xr+ ) = (f, g s ) m σ = (f, s) (h, f, g s /g ) = (g x, g r, g xr ) r x r r, s, m x x = r (s M) Z/nZ r r 0 n H(f) r s g s = g xr+ s f s = g x (f)+ rs = xh(f) + M G n H {0, 1} Z/nZ pk = h = g x x sk = x m x r n f = g r s r (xh(f)+ H(m)) (mod n) σ = (f, s)

15 σ = (f, s) m h v = f s v = h (f) g (m) v = v v = f s = g rs = g x (f)+ (m) v = h (f) g (m) = g x (f)+ (m) q (Z/pZ) ρ P n H {0, 1} {1,, n 1} SHA2 l l n pk = Q = xp x 0 < x < n sk = x m x r 0 < r < n R = (x, y ) = rp x mod n = 0 r s r (x(x modn) + H(m)) (mod n) s 0 r σ = (σ, σ ) = (x mod n, s) (σ, σ ) Q Q n 1 < σ i < n i = 1, 2 u H(m)σ (mod n) u σ σ (mod n) (x, y ) = u P + u Q σ x mod n u P + u Q = (u + u x)p = (H(m)s + (x modn)s x)p = s (H(m) + (x modn)x)p = r(h(m) + x(x modn)) (H(m) + (x modn)x)p = rp x rp x r r σ σ m m σ σ = r (H(m) H(m )) r σ = r (x(x modn)+h(m)) x r r = 4

16 FIPS/NIST.FIPS pdf F p p G = P P = (x, y ) n n h Card E = nh h n p F p P 192, P 224, P 256, P 384, P 521 p h = 1 y = x 3x + b mod p a = 3 a p p F d K 163, K 233, K 283, K 409, K 571 d y + xy = x + ax + 1 a = 0, 1 h = 2 a = 1 h = 4 a = 0 y + xy = x + x + b b F d h = 2 B 163, B 233B 283, B 409, B 571 p > 3 y = x + ax + b Δ = 16(4a + 27b ) 0 (mod p) a b c a b cb a (mod p) a = c b = c a a, b a, b 5 u a = a u b = b c = a /b = a /b Δ 0 4a + 27b 0 4a /27b 1 4c 27 4c cr.yp.to F p


LOWELL WEEKLY JOURNAL G $ G 2 G ««2 ««q ) q «\ { q «««/ 6 «««««q «] «q 6 ««Z q «««Q \ Q «q «X ««G X G ««? G Q / Q Q X ««/«X X «««Q X\ «q «X \ / X G XX «««X «x «X «x X G X 29 2 ««Q G G «) 22 G XXX GG G G G G G X «x G Q «) «G

More information

1) The line has a slope of ) The line passes through (2, 11) and. 6) r(x) = x + 4. From memory match each equation with its graph.

1) The line has a slope of ) The line passes through (2, 11) and. 6) r(x) = x + 4. From memory match each equation with its graph. Review Test 2 Math 1314 Name Write an equation of the line satisfying the given conditions. Write the answer in standard form. 1) The line has a slope of - 2 7 and contains the point (3, 1). Use the point-slope

More information

COMP Intro to Logic for Computer Scientists. Lecture 15

COMP Intro to Logic for Computer Scientists. Lecture 15 COMP 1002 Intro to Logic for Computer Scientists Lecture 15 B 5 2 J Puzzle: better than nothing Nothing is better than eternal bliss A burger is better than nothing ------------------------------------------------

More information

Groups Subgroups Normal subgroups Quotient groups Homomorphisms Cyclic groups Permutation groups Cayley s theorem Class equations Sylow theorems

Groups Subgroups Normal subgroups Quotient groups Homomorphisms Cyclic groups Permutation groups Cayley s theorem Class equations Sylow theorems Group Theory Groups Subgroups Normal subgroups Quotient groups Homomorphisms Cyclic groups Permutation groups Cayley s theorem Class equations Sylow theorems Groups Definition : A non-empty set ( G,*)

More information

THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018

THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 THE UNIVERSITY OF CALGARY FACULTY OF SCIENCE DEPARTMENT OF COMPUTER SCIENCE DEPARTMENT OF MATHEMATICS & STATISTICS MIDTERM EXAMINATION 1 FALL 2018 CPSC 418/MATH 318 L01 October 17, 2018 Time: 50 minutes

More information

Lecture 6: Gaussian Channels. Copyright G. Caire (Sample Lectures) 157

Lecture 6: Gaussian Channels. Copyright G. Caire (Sample Lectures) 157 Lecture 6: Gaussian Channels Copyright G. Caire (Sample Lectures) 157 Differential entropy (1) Definition 18. The (joint) differential entropy of a continuous random vector X n p X n(x) over R is: Z h(x

More information

AP Calculus Summer Homework

AP Calculus Summer Homework Class: Date: AP Calculus Summer Homework Show your work. Place a circle around your final answer. 1. Use the properties of logarithms to find the exact value of the expression. Do not use a calculator.

More information

Chapter 7: Exponents

Chapter 7: Exponents Chapter : Exponents Algebra Chapter Notes Name: Algebra Homework: Chapter (Homework is listed by date assigned; homework is due the following class period) HW# Date In-Class Homework M / Review of Sections.-.

More information

Déjà Q All Over Again

Déjà Q All Over Again Royal Holloway, February 2017 1/43 Bilinear Groups and Assumptions Reductions Symmetric Schemes Conclusions Déjà Q All Over Again Melissa Chase 1 Mary Maller 2 1 MSR Redmond Sarah Meiklejohn 2 2 University

More information

RSA meets DPA: Recovering RSA Secret Keys from Noisy Analog Data

RSA meets DPA: Recovering RSA Secret Keys from Noisy Analog Data RSA meets DPA: Recovering RSA Secret Keys from Noisy Analog Data Noboru Kunihiro and Junya Honda The University of Tokyo, Japan September 25th, 2014 The full version is available from http://eprint.iacr.org/2014/513.

More information

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n.

Lattices. A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices A Lattice is a discrete subgroup of the additive group of n-dimensional space R n. Lattices have many uses in cryptography. They may be used to define cryptosystems and to break other ciphers.

More information

LOWELL WEEKLY JOURNAL

LOWELL WEEKLY JOURNAL Y G q G Y Y 29 8 $ 29 G 6 q )

More information

Definition of a finite group

Definition of a finite group Elliptic curves Definition of a finite group (G, * ) is a finite group if: 1. G is a finite set. 2. For each a and b in G, also a * b is in G. 3. There is an e in G such that for all a in G, a * e= e *

More information

CHAPTER 14. Ideals and Factor Rings

CHAPTER 14. Ideals and Factor Rings CHAPTER 14 Ideals and Factor Rings Ideals Definition (Ideal). A subring A of a ring R is called a (two-sided) ideal of R if for every r 2 R and every a 2 A, ra 2 A and ar 2 A. Note. (1) A absorbs elements

More information

Advanced Cryptography 03/06/2007. Lecture 8

Advanced Cryptography 03/06/2007. Lecture 8 Advanced Cryptography 03/06/007 Lecture 8 Lecturer: Victor Shoup Scribe: Prashant Puniya Overview In this lecture, we will introduce the notion of Public-Key Encryption. We will define the basic notion

More information